Query - Authentication/Authorization
This example shows how to control the permission of a user to query the data of a collection using the [QueryAuth]-Attribute.
Usage
The [QueryAuth]-Attribute can be used on the model class and/or on specific fields/properties of the model
Every auth-attribute can be used in three ways.
Heredity: If you define AuthAttributes for a base class all sub classes will inherit this attributes until custom attributes of the same type are defined in the subclasses.
- Without attributes: Authentication required
- Policies: A comma separated string of policy-names. All policies have to succeed. Check out Policies for more details
- Function name: You can optionally pass the name of a function in the class that has to return a boolean. The function will get executed to check if the user is allowed for the action.
Heredity: If you define AuthAttributes for a base class all sub classes will inherit this attributes until custom attributes of the same type are defined in the subclasses.
Demo
Use this controls to change the login state
You are currently not logged in
Example - Only authenticated
This example shows the basic usage. When you only use the attribute the user has to be authenticated.
\f:(typescript:Angular) export class QueryAuthComponent implements OnInit {\n \tvalues$: Observable<any>;\n\n \tconstructor(private db: SapphireDbService) {}\n\n \tngOnInit() {\n \t\tthis.values$ = this.db.collection('AuthDemo.RequiresAuthForQueryDemos').values();\n \t}\n } \f:(csharp:Model.cs:Server) [QueryAuth]\n public class RequiresAuthForQuery : Base\n {\n \tpublic string Content { get; set; }\n }
Example - Only admin
This example shows how to use policies to check if the user allowed to query.
\f:(typescript:Angular) export class QueryAuthComponent implements OnInit {\n \tvalues$: Observable<any>;\n\n \tconstructor(private db: SapphireDbService) {}\n\n \tngOnInit() {\n \t\tthis.values$ = this.db.collection('AuthDemo.RequiresAdminForQueryDemos').values();\n \t}\n } \f:(csharp:Model.cs:Server) [QueryAuth("requireAdmin")]\n public class RequiresAdminForQuery : Base\n {\n \tpublic string Content { get; set; }\n } \f:(csharp:Startup.cs:Server) public void ConfigureServices(IServiceCollection services)\n {\n \tservices.AddAuthorization(config =>\n \t{\n \t\tconfig.AddPolicy("requireAdmin", b => b.RequireRole("admin"));\n \t});\n }
Example - Custom function
This example shows how to define a custom static function that checks if the user is allowed.
\f:(typescript:Angular) export class QueryAuthComponent implements OnInit {\n \tvalues$: Observable<any>;\n\n \tconstructor(private db: SapphireDbService) {}\n\n \tngOnInit() {\n \t\tthis.values$ = this.db.collection('AuthDemo.CustomFunctionForQueryDemos').values();\n \t}\n } \f:(csharp:Model.cs:Server) [QueryAuth(functionName: "CanQuery")]\n [QueryAuth(functionName: "CanQuery2")]\n public class CustomFunctionForQuery : Base\n {\n \tpublic static bool CanQuery(HttpInformation httpInformation)\n \t{\n \t\treturn httpInformation.User.IsInRole("admin");\n \t}\n\n \tpublic static bool CanQuery2(HttpInformation httpInformation)\n \t{\n \t\treturn httpInformation.User.IsInRole("user");\n \t}\n\n \tpublic string Content { get; set; }\n }
You can use dependency injection for the method. SapphireDb will provide you a
HttpInformation-object with information about the request and the instances found in the DI-Container.
Example - Custom function per entry
This example is a bit special. The user is allways allowed to query information and the check for permission is made for each entry. All entries that are not allowed to get queried will just get omitted.
This example also demonstrates how to use multiple auth attributes. Both attributes define a different condition and only one has to succeed.
\f:(typescript:Angular) export class QueryAuthComponent implements OnInit {\n \tvalues$: Observable<any>;\n\n \tconstructor(private db: SapphireDbService) {}\n\n \tngOnInit() {\n \t\tthis.values$ = this.db.collection('CustomFunctionPerEntryForQueryDemos', 'AuthDemo').values();\n \t}\n } \f:(csharp:Model.cs:Server) [QueryEntryAuth(functionName: "CanQuery")]\n [QueryEntryAuth(functionName: "CanQuery2")]\n public class CustomFunctionPerEntryForQuery : Base\n {\n \tpublic bool CanQuery(HttpInformation httpInformation)\n \t{\n \t\treturn Content == "Test 1";\n \t}\n\n \tpublic bool CanQuery(HttpInformation httpInformation)\n \t{\n \t\treturn Content == "Test 2";\n \t}\n\n \tpublic string Content { get; set; }\n }
Example - Authorization for fields
This example shows how to handle authorization on fields.
\f:(typescript:Angular) export class QueryAuthComponent implements OnInit {\n \tvalues$: Observable<any>;\n\n \tconstructor(private db: SapphireDbService) {}\n\n \tngOnInit() {\n \t\tthis.values$ = this.db.collection('AuthDemo.QueryFieldDemos').values();\n \t}\n } \f:(csharp:Model.cs:Server) public class QueryFields : Base {\n \t[QueryAuth]\n \tpublic string Content { get; set; }\n\n \t[QueryAuth("requireAdmin")]\n \tpublic string Content2 { get; set; }\n\n \t[QueryAuth(functionName: "CanQuery")]\n \tpublic string Content3 { get; set; }\n\n \tprivate bool CanQuery()\n \t{\n \t\treturn Content == "Test 1";\n \t}\n }